- From: Sam Pullara <spullara@gmail.com>
- Date: Mon, 1 Jul 2013 22:22:58 -0700
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Shigeki Ohtsu <ohtsu@iij.ad.jp>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-Id: <272F928C-7383-4141-9271-4C1D39A9444A@gmail.com>
It looks like this could be an issue:

The header fields in PUSH_PROMISE MUST include the ":scheme", ":host" and ":path" header fields that identify the resource that is being pushed. A PUSH_PROMISE always implies an HTTP method of GET. If a client receives a PUSH_PROMISE that does not include these header fields, or a value for the ":method" header field, it MUST respond with a stream error (Section 5.4.2) of type PROTOCOL_ERROR.

I suggest that you limit to same origin and remove the :schema and the :host. It is quite probable that a different host, even if it could be served from the same IP address, actually resolves to a different IP address when the client resolves it. Even the same :host could resolve to a different IP address. Also, do you really want the resource to use a different scheme than the original request?

My suggestion on this is to limit PUSH_PROMISE to same origin and require only the :path header field to be set. Simplifies things quite a bit and the client should already know the :schema and :host header.

Sam

On Jul 1, 2013, at 9:37 PM, Martin Thomson <martin.thomson@gmail.com> wrote:

> Thanks, this was a bit rushed in parts so I potentially botched a few edits. Pull requests much appreciated, especially for the small stuff.
>
> On Jul 1, 2013 9:30 PM, "Shigeki Ohtsu" <ohtsu@iij.ad.jp> wrote:
> Thanks for your great work.
>
> I've just read through the draft and submitted a PR for some editorial fixes against a layering branch.
> https://github.com/http2/http2-spec/pull/157
> Please review it. If the PR to the branch is not good for fix, please let me know it.
>
> Regards,
>
> (2013/07/02 9:23), Martin Thomson wrote:
> Those people who volunteered to contribute to the layering work in the
> SF interim have come up with something. This includes a restructuring
> of the content.
>
> Since the changes are large in scope, we're not submitting this as
> draft-ietf-httpbis-http2-04. I've put this up as an individual
> submission so that people can comment on structure, text, omissions:
>
> http://tools.ietf.org/html/draft-unicorn-httpbis-http2-00
>
> Note: This is a proposal for the content of the
> draft-ietf-httpbis-http2-04. Please let us know - as soon as possible
> - if the idea of this becoming a -04 offends you somehow.
>
> This draft includes resolutions to all the issues on our milestone,
> with the exception of two (#75: default priorities, #17: opaque data
> in GOAWAY and RST_STREAM), which I plan to address tomorrow.
>
> Now, most of the final pass is my fault (with a little help from the
> github unicorn), so blame me for all the bad stuff and praise Jeff and
> James for providing all the good stuff.
>
>
>
Received on Tuesday, 2 July 2013 05:23:29 UTC
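
An added example, not part of the message above or of the draft: a client-side check that applies the required-field rule quoted in the message and then the same-origin restriction it proposes. The function names, the `REJECT_CROSS_ORIGIN` label and the sample header sets are assumptions made for illustration, and the ":method" clause of the quoted text is not modelled.

```python
# Added example (not from the draft or the mailing list).
REQUIRED = (":scheme", ":host", ":path")      # field names as quoted in the message
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(scheme, host):
    """Reduce a scheme and host[:port] value to a comparable origin tuple."""
    scheme, host = scheme.lower(), host.lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():                # explicit port, e.g. example.com:8443
        return scheme, name, int(port)
    return scheme, host, DEFAULT_PORTS.get(scheme)


def check_push_promise(request_scheme, request_host, promised):
    """Classify a PUSH_PROMISE header set received on a stream.

    Returns "PROTOCOL_ERROR" when a field the quoted text requires is missing
    or empty, "REJECT_CROSS_ORIGIN" (a label assumed here) when the promised
    resource is not same-origin with the request, and "ACCEPT" otherwise.
    """
    if any(not promised.get(field) for field in REQUIRED):
        return "PROTOCOL_ERROR"
    wanted = origin(request_scheme, request_host)
    if origin(promised[":scheme"], promised[":host"]) != wanted:
        return "REJECT_CROSS_ORIGIN"
    return "ACCEPT"


# Constructed sample header sets, all received on a request to https://www.example.com
SAMPLES = {
    "same origin": {":scheme": "https", ":host": "www.example.com:443", ":path": "/app.css"},
    "other host": {":scheme": "https", ":host": "static.example.com", ":path": "/app.css"},
    "scheme downgrade": {":scheme": "http", ":host": "www.example.com", ":path": "/app.css"},
    "path only": {":path": "/app.css"},
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, "->", check_push_promise("https", "www.example.com", headers))
```

The "path only" sample is rejected here because the check follows the quoted draft text; under the proposal in the message it would instead be the expected form, with scheme and host taken from the original request.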